Metasploit Mailing List

Development discussion for Metasploit, the premier open source remote exploitation tool

List Archives


Latest Posts

Re: Bypassing AV for Java payloads Michael Schierl (Aug 02)
On 02.08.2014 at 21:44, HD Moore wrote:

In fact, the two repos forked at some point in 2010 off JavaPayload-1.0.zip,
even before the point where I put it into the SVN repo that was later
converted to my Git repo (yes, all the time from JavaPayload 1.0 to 1.1,
there was no source control repo at all, primarily because I
thought it wouldn't get that big).

And the code base evolved quite differently.

- One...

Re: Bypassing AV for Java payloads HD Moore (Aug 02)
Thanks Michael!

It looks like the framework uses the metasploit-javapayload repository, which has support for Android, but may be missing
some of the code written 10-12 months ago in your repository.

The obfuscator approach looks reasonable (and definitely effective) and there really is no reason we shouldn't try to
build them into the Java exploit modules through a mixin that falls back to static files when Java is not present.


Re: Bypassing AV for Java payloads Michael Schierl (Aug 02)
On 02.08.2014 at 07:12, HD Moore wrote:

More precisely, nobody has tried to integrate obfuscators/crypters for
Java payloads into Metasploit. My JavaPayload repository contains (quite
simplistic) crypters for Jar and War files (both those generated by
Metasploit and by JavaPayload) for more than two years now, and despite
the fact that I never changed them in the last two years, obfuscating a
stock Metasploit JAR file [1] creates quite decent...

Re: Bypassing AV for Java payloads HD Moore (Aug 02)
There is no reason it can't - we even ship the JRE with the official installer, but so far nobody has built obfuscators
for the Java payloads. If you do so without needing the JDK installed to rebuild each time, even better.


Bypassing AV for Java payloads Pedro Ribeiro (Aug 02)

I'm testing a module that uses a Java WAR payload, and it's detected
by most AVs, even a 2 year old Windows Defender installation.

I know this is an arms race, but what can we do to make the Java
payload harder to detect in the framework? Can it be regenerated /
packed at every run? Or maybe have some kind of git hook that
regenerates it at every new release?


Re: Deploying meterpreter / some other payload to NAT'ed devices egypt (Jul 28)
The recently-added reverse_hop_http[1] stager, thanks to scriptjunkie,
might give you a means of achieving 3a. If the server is not running PHP,
at least it will give you a starting point. Implementing the proxy in
multiple languages for scenarios like this would be useful.


Deploying meterpreter / some other payload to NAT'ed devices Pedro Ribeiro (Jul 28)

I'm building a metasploit module that abuses a vulnerability in a server
that deploys software packages to clients.
The idea is to:
1) gain administrative access to the server
2) use the admin access to deploy a payload to the clients
3a) get the clients to connect back using the server as a proxy (they might
be NAT'ed or otherwise inaccessible from the attacking machine)
3b) deploy some kind of payload that allows me to control...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre


The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

Updating a file referenced by exploit module NeonFlash (Jul 14)

I want to modify one of the files referenced by an existing exploit module.

For instance, let's say in the exploit module we have the code:

    File.open(File.join(Msf::Config.data_directory, "exploits", "cve-2013-xxx", "sample.zip"), "rb") { |f| @xyz = f.read }

it will read the file sample.zip from the path /opt/metasploit-framework/data/exploits/cve-2013-xxx/sample.zip and
store it...

Re: [metasploit-hackers] Mac OS X Meterpreter Anwar Mohamed (Jun 30)
I have opened a new #PR
https://github.com/rapid7/metasploit-framework/pull/3482, I hope to get
your feedback as soon as possible.

Thanks in advance

Re: Auto targeting with multi platform payloads Pedro Ribeiro (Jun 29)
Hi Rob,

I ended up doing your second suggestion, after auto selecting a Linux
target I use payload_info to check if the payload contains the "Windows"
string and bail out with an error message if so.

The check targeting is not a good idea in my case. This is because to get a
100% correct target I have to perform a minor injection (the module
exploits a sql injection). I haven't seen this written anywhere but I would
think that...

Re: [metasploit-hackers] Mac OS X Meterpreter Rob Fuller (Jun 29)
Looks like it's really coming along, awesome work! Any chance you can
shoot some build notes or a quick how-to on the best way to get started
testing it and giving you feedback?

Re: Auto targeting with multi platform payloads Rob Fuller (Jun 29)
You could write your auto-targeting into the "check" function, thus giving
the user the chance to select their target and the proper payload. Most of
the other "auto" target exploits stay with the same target OS and just
switch offsets based on versions of the OS that matter to the exploitation.

What I would suggest is to do a check in the module code to exit if the
target system and payload don't match up and...

Re: [metasploit-hackers] Mac OS X Meterpreter Anwar Mohamed (Jun 28)
Okay, now I think I have compiled it successfully; now I am going to
recompile the core_loadlib.


Re: [metasploit-hackers] Mac OS X Meterpreter Tod Beardsley (Jun 28)
Sweet, thanks Anwar!

More Lists

Dozens of other network security lists are archived at SecLists.Org.
